Add support for Authorize headers to requests to AlertManager

[mwitkow]

We're considering moving our AlertManagers completely out of our VPN networks, and putting it behind a reverse proxy somewhere.

We thought about just adding Basic headers into the URL, but it seems that Go doesn't automatically populate headers from URL params:

func TestUrlParsing(t *testing.T) {
    x, err := url.Parse("https://bar:foo@car.example.com/stuff")
    t.Logf("user info: %v", x.User)

    req, _ := http.NewRequest("POST", "https://bar:foo@car.example.com/stuff", nil)
    user, pass, ok := req.BasicAuth()
    t.Logf("basic auth on request: enabled=%v, user=%v, pass=%v", ok, user, pass)
}

Can we add a flag to Prometheus for the contents of the Authorize header to AlertManager requests? If not, we can always build a small local reverse proxy for these :)

[brian-brazil]

I don't think we'll be adding this until we've got the HA alertmanager, as this depends on moving from a flag to the config file and there's so many other options that we can't do it piecemeal.

[juliusv]

@mwitkow Putting basic auth into the URL seems to work for me. When I set -alertmanager.url=http://foo:bar@localhost:9093/, it sends Authorization: Basic Zm9vOmJhcg== on the wire.

[juliusv]

@mwitkow You are not seeing the correct header in your example because Go populates the Authorization header from the URL only upon actually sending a request: https://golang.org/src/net/http/client.go?s=6511:6572#L247

[mwitkow]

Great! Thanks. Not need it anymore then :)

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.